FediMeteo: How a Tiny €4 FreeBSD VPS Became a Global Weather Service for Thousands
86 points by draga79
Really cool writeup, except crying a little at normalizing München to Munchen :)
I know in other languages it kinda works, that ù -> u or ü -> u is the closest possible match, but unfortunately not in German.
And honestly it's a pain in the ass. I'm French but I have a German name with a "ü", and it's routinely replaced with "ue" silently (looking at you, flying companies), which breaks many login forms for me.
I'm always happy to see another FreeBSD success story. The recent improvements in the 14.0/15.0 releases focused quite a lot on cloud-related improvements, and it seems that it paid off.
What's interesting is that even though podman is now an official port, it looks like it hasn't gained much traction yet. At least for now, it looks like people still prefer established options like BastilleBSD (as used here) or even vanilla jail.conf.
While the OCI format is quite popular and convenient, I kind of get the sentiment, because usually a tarball without any OCI-like layers is more than enough to do the job.
The OCI runtime spec is now official, but there are a bunch of things (for example, scopes for SysV IPC objects) that are defined in this spec but not yet exposed in the Podman UI. There’s a well-defined path from Podman to runj / ocijail, but not from the user to Podman. Once that changes, I expect this to shift.
I’ve been trying to use Bastille and it’s just much worse than the OCI model. But running Postgres in a Podman-managed jail-backed container is a pain because you can’t enable SysV shared memory (which Postgres uses for synchronisation) from the UI.
Is there a particular jail manager you'd recommend instead of Bastille? I've been looking at it but with the many jail managers that exist (though only a few are still in use I believe) it's hard to determine what's worth using and what isn't, at least until Podman becomes stable enough.
Bastille is the best for managing jails, but I don’t want to manage jails. A jail is like a VM: it’s a complete userspace that needs updating and managing. Even the thin jails in Bastille are full FreeBSD systems and they’re stateful. There are a lot of things wrong with the OCI model, but it gets some of the fundamentals right:
It has clean separation of persistent state (volumes), initial state (images) and ephemeral state (CoW top layer). This makes management easier because you just need to be able to recreate the image. Bastille has templates, but they mutate a jail, rather than creating a new one. You can clone a jail, but you have to build the image vs container abstraction yourself.
If you don’t need fine-grained control over things that aren’t exposed, I’d use Podman.
Thanks for the details. This sounds familiar: when looking at e.g. Bastille, AppJail, and others, I noticed they all seem to be focused on mutating containers in place and in fact require their configuration to be present on the target host. I hope Podman becomes more commonly used, though it's a bit worrying that the underlying ocijail project hasn't seen much activity in spite of not being feature complete.
I believe ocijail is pretty complete. Doug updated it to the final spec. Most of the ongoing work is in podman to wire up the ocijail features to the UI.
Ah, good to hear I was mistaken; this gives me more faith in Podman sticking around on FreeBSD for longer :)
The OCI model had a bunch of moving parts. The runtime (formerly known as the shim) manages the isolation mechanism but there are a bunch of other things:
The storage layer manages CoW for images. On FreeBSD Podman normally uses the ZFS implementation here, which is mature. Volumes are managed differently.
There’s also a lot of complexity in the networking. The runtime spec provides a minimum of network configuration but the CNI plugin model allows a much richer set of features such as creating private networks for container-to-container networking, multiple interfaces, and so on. There’s a lot of work still happening on that side.
That’s a great price for a small vps running FreeBSD. I’m running one at kamatera for ~3x the cost and about the same specs. It looks like he’s using OVH? They’re inexpensive, I was looking at them the other day, but I’ve read mixed reviews.
The article says a German provider and OVH is French; I get only 2GiB RAM from OVH for my €4 VPS.
The original provider was netcup (the "was" is clearly stated in the post, and netcup is German). The current provider is OVH - Milan datacenter - https://www.ovhcloud.com/it/vps/ The VPS is: VPS-1
It's 3.82/month + VAT
Oh, I underestimated how much they change the lowest-tier offering over time, thanks for the details!
They do. That's why I suddenly moved: sometimes keeping an eye out can be rewarding :-)
Well, hopefully it will not get much worse by summer (I am not too tight on resources for my homepage&email, and I took a year discount, partially to make sure most of whatever random pressing stuff like card reverification happens in summer when I have more time to deal with it)
I looked for the ASN for the IP the site resolved to - looked like OVH, might have overlooked. Whoever they’re going through, those are better specs than anything I’ve been able to spin up at that price.
What’s your experience with ovh?
Right, I interpreted it wrong based on the OVH spec bump being too good to be true (but apparently it is true!)
OVH is pretty good to me. Sometimes I get an email notification that they detected an apparent attack and Did Something About It (then again «back to normal» a few hours later), I am not sure what exactly happens there but well it doesn't break what I do notice. It's not frequent. Generally things just work.
By default they gave me 1 (one) IPv6 address for the VPS, which was not autoconfigured in their Debian image. I added the address to the config and it works, and I did not look into getting a subnet (nor into what is the price).
In general you can pick between a few installation images, I picked Debian for the base and manage Nginx etc. via Nix that I installed on top.
My VPS is in that one datacenter group (but not in the unlucky racks) where the «data goes straight up to the real clouds» fire happened. I paid for a month of a VPS in another OVH datacenter and redeployed there, and I later got a few months of a compensation voucher automatically that I applied to the original VPS (as it had a year-prepaid mid-term) once the host got recovered/cleaned/restarted. I guess I liked that Octave Klaba personally went to the recovery and posted pretty reasonable technical updates on the progress of damage assessment / relaunching.
I might not like Tor exit node concentration as a thing that happens, but I consider OVH being a point of concentration a positive sign about OVH. In the Wikileaks case, their refusal-to-take-position and requests to courts whether reports count as evidence of «obvious» illegality also look reasonable to me.